mastible/roles/mastodon-nginx/tasks/main.yml

36 lines
1.4 KiB
YAML
Raw Normal View History

2017-11-26 23:03:27 +00:00
---
# This role install nginx, configures it and sets up a Let's Encrypt certificate for the
# Mastodon instance
- name: Install nginx and certbot
2017-11-26 23:03:27 +00:00
apt: name={{ item }} state=latest update_cache=yes
with_items:
- nginx
- letsencrypt
- name: Remove default nginx config in sites-enabled
file:
path: /etc/nginx/sites-enabled/default
state: absent
- name: Copy Mastodon nginx vhost template to sites-available
template:
2017-11-26 23:03:27 +00:00
src: mastodon-nginx.conf
dest: /etc/nginx/sites-available/{{ LOCAL_DOMAIN }}.conf
2017-11-26 23:03:27 +00:00
- name: Enable Mastodon nginx vhost template
file:
src: /etc/nginx/sites-available/{{ LOCAL_DOMAIN }}.conf
dest: /etc/nginx/sites-enabled/{{ LOCAL_DOMAIN }}.conf
2017-11-26 23:03:27 +00:00
state: link
- name: Stop nginx for now
service: name=nginx state=stopped
- name: Generate standalone Let's Encrypt TLS certificate for Mastodon instance
shell: letsencrypt certonly -n --agree-tos --standalone -d {{ LOCAL_DOMAIN }} --email "webmaster@{{ LOCAL_DOMAIN }}"
- name: Restart nginx
2017-11-26 23:03:27 +00:00
service: name=nginx state=started
- name: Generate webroot Let's Encrypt TLS certificate for Mastodon instance
shell: letsencrypt certonly -n --webroot -d {{ LOCAL_DOMAIN }} -w /home/mastodon/live/public/ --email "webmaster@{{ LOCAL_DOMAIN }}"
- name: Copy and enable Let's Encrypt renew script
copy:
src: letsencrypt-renew.sh
dest: /etc/cron.daily/letsencrypt-renew.sh
mode: 0700